OK, I have now tried three versions of Samba and all react the same way. This tells me that I physically have an issue with a database or something. Is it going to be faster for me to simply wipe the entire AD, restore my Windows Server clean install image, and start over? I have until midnight to make this work. It is 1810hrs now. Lead IT/IS Specialist Reach Technology FP, Inc On 10/27/2016 05:20 PM, Ryan Ashley via samba wrote:> Rowland, I just tried that. I cannot bring up ADUC. It tells me that the > RPC server is unavailable. I am not sure how to check or change this in > the Linux shell. I do NOT remember giving Authenticated Users a GID. > > Lead IT/IS Specialist > Reach Technology FP, Inc > > On 10/27/2016 05:12 PM, Rowland Penny wrote: >> On Thu, 27 Oct 2016 16:57:30 -0400 >> Ryan Ashley via samba <samba at lists.samba.org> wrote: >> >>> I just found this in a log. It is the smbd log, to be exact. >>> >>> [2016/10/27 16:54:11.689360, 0] >>> ../source4/auth/unix_token.c:107(security_token_to_unix_token) >>> Unable to convert SID (S-1-5-11) at index 9 in user token to a GID. >> >> That is Authenticated Users, have you given any of the BUILTIN users >> and groups a uid/gidNumber ? If so, try removing them. I normally just >> give 'Domain Users' & 'Domain Admins' a gidNumber. >> >> Rowland >> >
Try using 4.4.5 vanilla or 4.5.1 with the patch attached. I don't you need to restore, but that's your call. I had the same problem as you and either fixed it for me. Thanks, Arthur On 10/27/2016 05:10 PM, Ryan Ashley via samba wrote:> OK, I have now tried three versions of Samba and all react the same way. > This tells me that I physically have an issue with a database or > something. Is it going to be faster for me to simply wipe the entire AD, > restore my Windows Server clean install image, and start over? I have > until midnight to make this work. It is 1810hrs now. > > Lead IT/IS Specialist > Reach Technology FP, Inc >This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: samba-4.5.1-no-11520.diff Type: text/x-patch Size: 14304 bytes Desc: not available URL: <lists.samba.org/pipermail/samba/attachments/20161027/98402bb6/samba-4.5.1-no-11520-0001.bin>
OK, I am both panicked and lost now. I stopped Samba, uninstalled, removed the source directory, removed every Samba directory on the system (/var/lib/samba, /var/log/samba, /var/cache/samba, /var/run/samba, /usr/lib/python2.7/dist-packages/samba), rebooted, cloned 4-5-stable, configured, built, installed, provisioned a new domain, and this is what I get. I am following the guide to the letter. root at dc01:~# smbclient -L localhost -U administrator Enter administrator's password: session setup failed: NT_STATUS_INVALID_SID So what in the heck is going on? I have no firewall on this system, so RPC should not be blocked. Lead IT/IS Specialist Reach Technology FP, Inc On 10/27/2016 06:49 PM, Arthur Ramsey via samba wrote:> Try using 4.4.5 vanilla or 4.5.1 with the patch attached. I don't you > need to restore, but that's your call. I had the same problem as you > and either fixed it for me. > > Thanks, > Arthur > > On 10/27/2016 05:10 PM, Ryan Ashley via samba wrote: >> OK, I have now tried three versions of Samba and all react the same way. >> This tells me that I physically have an issue with a database or >> something. Is it going to be faster for me to simply wipe the entire AD, >> restore my Windows Server clean install image, and start over? I have >> until midnight to make this work. It is 1810hrs now. >> >> Lead IT/IS Specialist >> Reach Technology FP, Inc >> > > > > This e-mail and any attachments may contain CONFIDENTIAL information, > including PROTECTED HEALTH INFORMATION. If you are not the intended > recipient, any use or disclosure of this information is STRICTLY > PROHIBITED; you are requested to delete this e-mail and any attachments, > notify the sender immediately, and notify the Mediture Privacy Officer > at privacyofficer at mediture.com. > >